Latest Stories

My WSJ Editorial on Mydoom

In case you have a copy of the Wall Street Journal handy, you’ll find an editorial by me in it today about the Mydoom virus/worm outbreak. Playing provocateur, I name names, and lay blame.

Update: Lots of interesting email on the above column (called by the WSJ “You’ve got Mydoom!”), but only the odd academic taking issue with my main point, that current approaches to Internet security more or less guarantee future, higher infect-rate worms.

Comments

February 1, 2004
Wall Street Journal
To the Editor:
Paul Kedrosky’s report, You’ve got “Mydoom’! ignores important facts about the scope of the internet, the complexity of dealing with viruses, privacy issues, and the economics of security.
Researchers estimate there will be nearly 700 million internet users in 2004. Ballmer estimates there are 400 million users of Office, which includes Outlook, a major target. Why? Hackers always find obvious flaws in Outlook, and Nielsen and others report that nearly 50% of users go online daily for e-mail. Kedrosky’s disagreement with recent legal actions facing Microsoft by blaming competitors and the EU ignores those facts.
The Washington Post reports that viruses cost companies nearly $53 billion in 2003, while Gates says his software offers productivity gains of nearly $4,000 per worker annually. Unfortunately, virus attacks represent now an unfortunate cost of doing business, and many firms don’t protect themselves adequately.
Researchers report proactive measures can be implemented, but at what cost? No one knows, and who is to pay? Should anti-virus companies write surveillance programs? Just imagine the firestorm about privacy issues, and try explaining that one to shareholders. Should the internet community itself look for suspicious activity? Impossible given the nature of unregulated internet architecture. Can Microsoft do a better job making more secure software? In my view, an obligation they owe their customers.
Viruses are here to stay, and hackers will always foil online security. Claiming the average e-mail user is stupid, and blaming anti-virus companies for ignoring his solution due to economics and chasing profits, is unwarranted and off the mark.
Name – you’ll see it if it gets published……